fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Trucking Giant Forward Air Reports Ransomware Data Breach

Trucking Giant Forward Air Reports Ransomware Data Breach

Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees’ personal information.

In December 2020, Forward Air suffered a ransomware attack by what was believed to be a new cybercrime gang known as Hades. This attack caused Forward Air to shut down its network, which led to business disruption and the inability to release freight for transport.

An SEC filing by Forward Air states that the company lost $7.5 million of less than load (LTL) freight revenue “primarily because of the Company’s need to temporarily suspend its electronic data interfaces with its customers.”

Also Read: What You Need to Know About Singapore’s Data Sharing Arrangements

Researchers later revealed that this attack was likely conducted by members of the Evil Corp cybercrime gang, who routinely perform attacks under different ransomware names, such as Hades, to evade US sanctions.

Hades Tor negotiation site

At the time, BleepingComputer was contacted by multiple Forward Air employees concerned that the attack exposed their personal information.

As part of the attack, the threat actors created a Twitter account that they claimed would be used to leak data stolen from Forward Air. However, no data was ever seen leaked by the threat actors.

Forward Air discloses a data breach

Fast forward almost a year, and Forward Air is now disclosing that current and the ransomware attack exposed former employees’ data.

“On December 15, 2020, Forward Air learned of suspicious activity occurring within certain company computer systems. Forward Air immediately launched an investigation to determine the nature and scope of the incident,” reads a data breach notification sent to Forward Air employees.

“The investigation determined that certain Forward Air systems were accessible in November and early December 2020, and that certain data, which may have included your personal information, was potentially viewed or taken by an unknown actor.” 

The information that the Evil Corp threat actors potentially accessed includes employees’ names, addresses, date of births, Social Security numbers, driver’s license numbers, passport numbers, or bank account numbers.

While Forward Air states that there is no indication that the data has been misused, they are offering affected people a free one-year membership to the myTrueIdentity credit monitoring service.

Also Read: PDPA Compliance for HR Managers in Singapore: A Must

As there is no way to determine if a threat actor has used stolen data, even if they promise not to after a ransom payment, all affected employees should assume that their data has been compromised.

This means that they should monitor their credit reports, bank statements, and be on the lookout for targeted phishing attacks. 

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us